Back to search
CVE-2003-1095
Published: Mar 10, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-27.jsp
x_refsource_CONFIRM
7130
vdb-entry
x_refsource_BID
VU#691153
third-party-advisory
x_refsource_CERT-VN
weblogic-app-reauthentication-bypass(11555)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now